gcleaner | 3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a | Triage

Sharing

General

Target

3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a_NeikiAnalytics
Size

255KB
Sample

240521-ly4pkshb95
MD5

12068b3c709689a76e7432ded539ab7c
SHA1

579515827d3db8f7a6c7fda2a3d68274538d7179
SHA256

3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
SHA512

842b4b4adb51a8ba20748bd777cd413cb1f1254ae10f7f372b10374b6afe360e8e1eebf4ffccc524ba5b3d15280d2b408d6bb36f9b6a617c194784ac248697db
SSDEEP

6144:aehwWf8SYTepVWgv2YwRh9SDXgcj36+iMZ40:fhwWf8ApURVhiXgcb6Mq0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a_NeikiAnalytics
- Size
  
  255KB
- MD5
  
  12068b3c709689a76e7432ded539ab7c
- SHA1
  
  579515827d3db8f7a6c7fda2a3d68274538d7179
- SHA256
  
  3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
- SHA512
  
  842b4b4adb51a8ba20748bd777cd413cb1f1254ae10f7f372b10374b6afe360e8e1eebf4ffccc524ba5b3d15280d2b408d6bb36f9b6a617c194784ac248697db
- SSDEEP
  
  6144:aehwWf8SYTepVWgv2YwRh9SDXgcj36+iMZ40:fhwWf8ApURVhiXgcb6Mq0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2